Wi-Fi Hotspots and Liability Concerns

It is a current trend for private and public entities to set up a wireless local-area, or wireless fidelity, network (“Wi-Fi HotSpot”) to provide free internet access to the public.

Private businesses, such as hotels, shopping centers and cafes, may set up a Wi-Fi HotSpot to attract consumer traffic and for advertising purposes. Because the technology and practice are so new, there is great speculation over novel liability issues that may arise in connection with a Wi-Fi HotSpot established by a private business. For example, could the business owner be held liable for (i) cyber crimes committed by a third party using the access point; (ii) content provided to third party users through the wireless access point; (iii) theft of information from a user because the access is not secure; or (iv) harm to children lured by a predator through unsupervised use of the access point?

With respect to crimes committed by a user, the federal Computer Fraud and Abuse Act (“CFAA”), and 18 Pa. C.S. 7611, criminalize certain acts of unauthorized internet access. A provision of both laws require that a user intentionally access a network without authorization (ie, a user parked in a van outside a private business or residence, who hacked into the private wireless access point for the business or residence, would be accessing the network without authorization). This ‘unauthorized use’ element of a cyber crime (such as identity theft) committed by a user through a public access Wi-Fi HotSpot is difficult to prove when access is open to the public and requires no authority for use.

With respect to content (such as copyright infringement, or child pornography), to date the courts and legislatures have been reluctant to hold ISP or wireless access providers responsible or liable for content on the internet, unless the provider actually produces or exercises control and supervision over the objectionable content. There are ISP immunity provisions for content in the Communications Decency Act of 1996 (provisions of which have been held to violate constitutional rights by the Supreme Court), and the Digital Millennium Copyright Act of 1998. These immunity provisions would not necessarily extend to the private business owner setting up a Wi-Fi HotSpot.

With respect to the security of the access, wireless internet access is not secure, by its nature it is broadcast over unrestricted radio or air space. Users or site providers can use passwords and encryption devices in efforts to increase security, however as a practical matter many users never activate these capabilities on their personal computers, and the business owner’s motivation in providing the HotSpot may be stunted if users must sign in for a password in order to obtain access.

With respect to the example of harm to children caused by a sexual predator, this issue could involve more than just internet services and content available to the public. There is an additional potential issue with respect to the physical presence of unsupervised minors at the private business HotSpot location. If a business owner were reasonably aware that unsupervised minors were using the Wi-Fi access point, or had reason to know that predators were using the access point to lure children to the HotSpot location, the business owner could be liable for failing to take reasonable preventative measures.

The predatory luring of children over the internet, and internet child pornography, is an international concern. The US Supreme Court has ruled against or limited enforcement of both the federal Communications Decency Act and the Child Online Protection Act on constitutional grounds. Congress’ third attempt, the Children’s Internet Protection Act, has survived Supreme Court scrutiny but not without dissent. This Act requires that public libraries install child filtering technology on internet access in order to receive federal funds. Libraries also customarily adopt policies requiring that minors accessing the internet be supervised by an adult. No such provisions or restrictions are in place for private business or municipalities providing Wi-Fi HotSpots.

Unfortunately public Wi-Fi access is so new the courts have not established any definitive answer to these liability questions. It is likely some form of the tort premises liability standard adopted in Pennsylvania would provide the basis for determining liability of a private HotSpot provider in the Commonwealth. This standard can be summarized as “the failure of the possessor to exercise reasonable care to (a) discover that such acts are being done or are likely to be done, or (b) give a warning adequate to enable the visitors to avoid the harm, or otherwise to protect them against it”.

Consult your attorneys before setting up a Wi-Fi Hotspot at your business location. The following are some steps a business owner can consider in setting up a Wi-Fi HotSpot to reduce potential liability:

(a) The agreement with the WAP or ISP can ensure that responsibility for providing internet access and services and any liability for internet service or content remains with the WAP or ISP;

(b) The Wi-Fi HotSpot access point can contain a use agreement and disclaimer (sometimes called a “splash page”) that requires the user to click through an agreement before enabling access;

(c) The use agreement and disclaimer can disclose appropriate terms and conditions of use, which prohibit and do not authorize, for example, illegal activity, copyright violations, pornographic or corrupt content, spam, solicitations, advertising, or use of the service by unsupervised minors.

(d) The use agreement and disclaimer can disclose appropriate warnings, such as a warning that the wireless access is not secure; and that internet content is not regulated or controlled by the business; and that there are not filtering devices in place.

(e) Analyze the purpose for providing the Wi-Fi HotSpot, and the area it will cover. For some purposes, a controlled sign-in or password access system may be appropriate and increase security and protection for the users. Filtering programs may also be appropriate for certain uses, and can be disabled for users upon request using a password system (to date the internet filtering programs are not reputed to be very effective).

(f) The splash page can include notice that the private property remains private property, and that the provision of the Wi-Fi HotSpot is not intended as a dedication of the area for public use or as a public forum.

Landlord’s may want to include language in leases (i) limiting a tenant’s right to install a Wi-Fi Hotspot at the premises without the landlord’s prior approval, (ii) indemnifying the landlord for the Wi-Fi use, and (iii) agreeing to remove or modify the Wi-Fi access points in the event the landlord determines it is disruptive, a nuisance or a potential hazard.